Security Advisory Moderate: openswan security update

Advisory: RHSA-2011:1356-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-10-05
Last updated on: 2011-10-05
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-3380

Details

Updated openswan packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

A NULL pointer dereference flaw was found in the way Openswan's pluto IKE
daemon handled certain error conditions. A remote, unauthenticated attacker
could send a specially-crafted IKE packet that would crash the pluto
daemon. (CVE-2011-3380)

Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges Paul Wouters as the original reporter.

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the ipsec service will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
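
One way to confirm the update landed across a fleet is to compare each host's installed openswan build against the fixed build this advisory ships, openswan-2.6.32-4.el6_1.2. The following is an added example, not Red Hat's or the Openswan project's code; it assumes inventory lines collected with `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' openswan` prefixed by a host name, and that no epoch is set.

```python
import re

# Fixed build named in this advisory: openswan-2.6.32-4.el6_1.2
FIXED_VERSION, FIXED_RELEASE = "2.6.32", "4.el6_1.2"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    Follows RPM's segment rules: separators are ignored, numeric segments
    compare as integers, alphabetic ones as strings, a numeric segment
    beats an alphabetic one, and extra trailing segments mean newer.
    Tilde and caret modifiers are not handled (assumption: not used here).
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(version, release):
    """True if version-release is at or above the fixed build."""
    c = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return c >= 0


def unpatched_hosts(inventory):
    """Return hosts whose openswan build predates the fix."""
    hosts = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1] == "openswan":
            host, _, version, release = fields
            if not is_patched(version, release):
                hosts.append(host)
    return hosts


# Constructed sample: "<host> <name> <version> <release>" per line.
# Host names and the non-advisory release strings are made up.
SAMPLE_INVENTORY = """\
vpn-gw-01 openswan 2.6.32 4.el6_1.1
vpn-gw-02 openswan 2.6.32 4.el6_1.2
vpn-gw-03 openswan 2.6.32 4.el6
vpn-gw-04 openswan 2.6.32 9.el6
"""

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE_INVENTORY))
```

Hosts it reports still run a pluto daemon that predates the backported patch and should be prioritised if they accept IKE traffic from untrusted networks.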

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openswan-2.6.32-4.el6_1.2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: c9d3634450837b906bf2eaff8754b0cb
SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
 
IA-32:
openswan-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 9aea07cccebd85ae63d7a711caa4df14
SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: b057a0cb60f0a07a703542453a383d06
SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 41f3178de8e69a9e5ee293386f4b0794
SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50
 
x86_64:
openswan-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1b762697c4080519c02e3d10079cf344
SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 240ddca553b1b32dbd84f9d384308368
SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 40625a322a72a3e8be8a734e58782d2c
SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openswan-2.6.32-4.el6_1.2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: c9d3634450837b906bf2eaff8754b0cb
SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
 
IA-32:
openswan-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 9aea07cccebd85ae63d7a711caa4df14
SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: b057a0cb60f0a07a703542453a383d06
SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 41f3178de8e69a9e5ee293386f4b0794
SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50
 
PPC:
openswan-2.6.32-4.el6_1.2.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: b29c4a576a418509db89625bc4bb6b7e
SHA-256: 9666c2143bfcdf84fb035c5bc04f71c28d94d44aa91ed890d7b94a403ee05bea
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: d55017590a1781049c6b60f17d76c84b
SHA-256: ece45739d4a4d3f70818aadbe203960d6ca40fc1b3fae9a3490bbc86dcca547c
openswan-doc-2.6.32-4.el6_1.2.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 725e3a434016b7823dde0638b12ccff4
SHA-256: e8f068bf9bcd92963baa6b72a38130de40001e245327f08d4b69e5e873b4cb31
 
s390x:
openswan-2.6.32-4.el6_1.2.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: 235b704eaccdb42fb081c8cd5969e3b9
SHA-256: a23997a758743ee37826bd8e49c386d91eae52d93a8f04c7a12046176a3a0d93
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: 8f338cdf87b43e6a335e9b96b11f553c
SHA-256: 2481afe8ef02d24ac55e4d951f0a5a162f4431ca196cc5914bb832247833e5b3
openswan-doc-2.6.32-4.el6_1.2.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: a44ab4d03d1b1740974503a18ad4c33f
SHA-256: b2a2415c5aa63c424880db2358c272a6d8afcc9a0257c7c25c3fb9a9b089fcc5
 
x86_64:
openswan-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1b762697c4080519c02e3d10079cf344
SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 240ddca553b1b32dbd84f9d384308368
SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 40625a322a72a3e8be8a734e58782d2c
SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
openswan-2.6.32-4.el6_1.2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: c9d3634450837b906bf2eaff8754b0cb
SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
 
IA-32:
openswan-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2011:1422
    MD5: 9aea07cccebd85ae63d7a711caa4df14
SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2011:1422
    MD5: b057a0cb60f0a07a703542453a383d06
SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2011:1422
    MD5: 41f3178de8e69a9e5ee293386f4b0794
SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50
 
PPC:
openswan-2.6.32-4.el6_1.2.ppc64.rpm
File outdated by:  RHSA-2011:1422
    MD5: b29c4a576a418509db89625bc4bb6b7e
SHA-256: 9666c2143bfcdf84fb035c5bc04f71c28d94d44aa91ed890d7b94a403ee05bea
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm
File outdated by:  RHSA-2011:1422
    MD5: d55017590a1781049c6b60f17d76c84b
SHA-256: ece45739d4a4d3f70818aadbe203960d6ca40fc1b3fae9a3490bbc86dcca547c
openswan-doc-2.6.32-4.el6_1.2.ppc64.rpm
File outdated by:  RHSA-2011:1422
    MD5: 725e3a434016b7823dde0638b12ccff4
SHA-256: e8f068bf9bcd92963baa6b72a38130de40001e245327f08d4b69e5e873b4cb31
 
s390x:
openswan-2.6.32-4.el6_1.2.s390x.rpm
File outdated by:  RHSA-2011:1422
    MD5: 235b704eaccdb42fb081c8cd5969e3b9
SHA-256: a23997a758743ee37826bd8e49c386d91eae52d93a8f04c7a12046176a3a0d93
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm
File outdated by:  RHSA-2011:1422
    MD5: 8f338cdf87b43e6a335e9b96b11f553c
SHA-256: 2481afe8ef02d24ac55e4d951f0a5a162f4431ca196cc5914bb832247833e5b3
openswan-doc-2.6.32-4.el6_1.2.s390x.rpm
File outdated by:  RHSA-2011:1422
    MD5: a44ab4d03d1b1740974503a18ad4c33f
SHA-256: b2a2415c5aa63c424880db2358c272a6d8afcc9a0257c7c25c3fb9a9b089fcc5
 
x86_64:
openswan-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2011:1422
    MD5: 1b762697c4080519c02e3d10079cf344
SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2011:1422
    MD5: 240ddca553b1b32dbd84f9d384308368
SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2011:1422
    MD5: 40625a322a72a3e8be8a734e58782d2c
SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openswan-2.6.32-4.el6_1.2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: c9d3634450837b906bf2eaff8754b0cb
SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
 
IA-32:
openswan-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 9aea07cccebd85ae63d7a711caa4df14
SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: b057a0cb60f0a07a703542453a383d06
SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 41f3178de8e69a9e5ee293386f4b0794
SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50
 
x86_64:
openswan-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1b762697c4080519c02e3d10079cf344
SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 240ddca553b1b32dbd84f9d384308368
SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 40625a322a72a3e8be8a734e58782d2c
SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

742065 - CVE-2011-3380 openswan: IKE invalid key length allows remote unauthenticated user to crash openswan


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/